[Dshield] msblaster

On Sat, 2003-08-16 at 17:40, Pagarb at aol.com wrote:
> this might be premature, but a system I was working that had msblaster on it

Finding 'blaster' on a system indicates that it had a vulnerable version
of RPC DCOM installed. As a result, any of the auto-rooters in
circulation could have infected it. No telling what's on your system.
But I strongly recommend a complete rebuild. If authorities are
interested, you may want to secure the system as evidence.

This makes a point I did bring up a couple of times during the last
week:

If at all possible, rebuild infected systems from scratch after making a
backup. Your system was vulnerable to at least half a dozen auto-rooters,
IRC bots and whatever else you would like to call them.
--
SANS - Internet Storm Center
http://isc.sans.org
PGP Key: http://isc.sans.org/jullrich.txt